-
Title
PowerShell: How to configure Remote Powershell Access for managing Rapid Recovery -
Description
You want to manage remotely an Rapid Recovery Core using PowerShell. Both the core and the remote management workstation are Windows 2012 or later but are located on different domains (or at least one does not belong to any domain). You know that the Rapid Recovery PowerShell module can be run on cores only and you do not intend installing the core software on the management workstation. Additionally, you need to execute a series of PowerShell commands that do not pertain to the Rapid Recovery PowershellModule and which do not allow being run remotely.
-
Resolution
PowerShell Scripting Disclaimer:
This script is provided "as is" for the purpose of illustrating how product tasks may be performed in conjunction with PowerShell. Support shall not be liable for any direct, indirect, incidental, consequential, or other damage alleged in connection with the furnishing or use of this script or of the principles it demonstrates. See PowerShell Scripting Support for more information.
Configure the winrm service on the core to allow being accessed from the management workstation and add the management workstation on the trusted hosts list of the remote core. Since this is a complex operation, a powershell script capable of performing this operation and at the same time maintain the winrm capabilities on the Rapid Recovery core has been prepared.
The script allows entering the IP address for the management workstation and preparing the necessary permissions, reverting to the default settings, adding ip addresses to the trusted hosts list and removing the trusted hosts list. Additionally, for reference, the current configuration can be shown, without making any changes to the winrm configuration. After the script is executed, the winrm service is restarted.
The script help feature is fully documented and can be accessed by typing:#Get-Help wirmconfigure.ps1 -fullThe script code is shown below between horizontal lines and attached to the KB.________________________________________________________<#.SynopsisThe script modifies the winrm settings to allow cross domain or cross workgroups connections. Please note that only LOCAL ADMIN credentials will work if you connect from another Domain or Workgroup..DescriptionOnly one parameter at a time should be used to perform the various functions of this script.Parameter ipaddressThe IP address to be added to the trusted hosts list. If a list of ip addresses is to be added, please use double quotes to enclose the listi.e.: `"10.10.0.1,10.100.100.3,20.12.5.2`".Parameter reverseChanges all values to the default settings without removing the trustedhosts list.Parameter showonlyShows current settings.Parameter removetrustedhostsRemoves the trustedhosts list.Examplewinrmconfigure.ps1 -ipaddress `"10.10.0.1,10.100.100.3,20.12.5.2`".Examplewinrmconfigure.ps1 -ipaddress 10.10.0.1.Examplewinrmconfigure.ps1 -reverse.Examplewinrmconfigure.ps1 -showonly.Examplewinrmconfigure.ps1 -removetrustedhosts#>param ([Parameter(ParameterSetName='Main',Mandatory=$true)][string]$ipaddress,[Parameter(ParameterSetName='Extra1',Mandatory=$true)][switch]$reverse=$false,[Parameter(ParameterSetName='Extra2',Mandatory=$true)][switch]$showonly=$false,[Parameter(ParameterSetName='Extra3',Mandatory=$true)][switch]$removetrustedhosts=$false)function get-values {$trustedhosts = (get-childitem wsman:\localhost\client\trustedhosts).value$matrix=@()$line = [pscustomobject]@{Item="Client:TrustedHost";value=$trustedhosts}$matrix += $line$x = (get-childitem wsman:\localhost\client\allowunencrypted).value$line = [pscustomobject]@{Item="Client:AllowUnencrypted";value=$x}$matrix += $line$x = (get-childitem wsman:\localhost\client\auth\basic).value$line = [pscustomobject]@{Item="Client:BasicAuthentication";value=$x}$matrix += $line$x = (get-childitem wsman:\localhost\service\allowunencrypted).value$line = [pscustomobject]@{Item="Service:AllowUnencrypted";value=$x}$matrix += $line$x = (get-childitem wsman:\localhost\service\auth\basic).value$line = [pscustomobject]@{Item="Service:BasicAuthentication";value=$x}$matrix += $line$matrix | ft -AutoSizereturn}clsWrite-Host "`r`nConfigure WinRm for Out-of-Domain Quickaccess`r`n---------------------------------------------`r`n"winrm quickconfigif(!($reverse)){$op= "true"} else {$op="false"}if($showonly.IsPresent){get-values}else {get-values$trustedhosts = (get-childitem wsman:\localhost\client\trustedhosts).value#$trustedhosts = (get-childitem wsman:\localhost\client\trustedhosts).valueif($removetrustedhosts.IsPresent -or $reverse.IsPresent){Write-host "The removetrustedhosts and/or reverse parameter(s) are present" -f Yellow$trustedhosts = ""}else{if(((($trustedhosts).trim()).length) -gt 0){$trustedhosts = $trustedhosts.Trim()if($trustedhosts.Replace($ipaddress,"").length -eq $trustedhosts.Length){$trustedhosts += ",$IPaddress"}else{Write-host "Trustedhosts: $trustedhosts -- $ipaddress already in the list" -f Yellow;break}}else {$trustedhosts = $ipaddress}}set-item wsman:\localhost\client\trustedhosts -value $trustedhosts -Forceset-item wsman:\LocalHost\client\allowunencrypted -value $op -Forceset-item wsman:\LocalHost\client\auth\basic -value $op -Forceset-item wsman:\LocalHost\service\allowunencrypted -value $op -Forceset-item wsman:\LocalHost\service\auth\basic -value $op -Forceget-values}Write-host "`r`nRestarting winrm...`r`n"restart-service winrm________________________________________________________ -
Attachments